[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r12929: If bridge authorities set BridgePassword, they will serve a (in tor/trunk: . src/or)



Author: arma
Date: 2007-12-22 06:48:17 -0500 (Sat, 22 Dec 2007)
New Revision: 12929

Modified:
   tor/trunk/ChangeLog
   tor/trunk/src/or/directory.c
Log:
If bridge authorities set BridgePassword, they will serve a
snapshot of known bridge routerstatuses from their DirPort to
anybody who knows that password. Unset by default.


Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-12-22 11:42:12 UTC (rev 12928)
+++ tor/trunk/ChangeLog	2007-12-22 11:48:17 UTC (rev 12929)
@@ -15,6 +15,11 @@
       currently have a Bridge line for it in our torrc. Bugfix on
       0.2.0.12-alpha.
 
+  o Major features:
+    - If bridge authorities set BridgePassword, they will serve a
+      snapshot of known bridge routerstatuses from their DirPort to
+      anybody who knows that password. Unset by default.
+
   o Minor bugfixes:
     - Make the unit tests build again.
     - Make "GETINFO/desc-annotations/id/<OR digest>" actually work.

Modified: tor/trunk/src/or/directory.c
===================================================================
--- tor/trunk/src/or/directory.c	2007-12-22 11:42:12 UTC (rev 12928)
+++ tor/trunk/src/or/directory.c	2007-12-22 11:48:17 UTC (rev 12929)
@@ -2596,9 +2596,11 @@
       options->BridgePassword &&
       !strcmp(url,"/tor/networkstatus-bridges")) {
     char *status;
-    size_t len;
+    char decoded[64];
+    char *secret;
+    int r;
 
-    header = http_get_header(headers, "Authenticator: ");
+    header = http_get_header(headers, "Authorization: basic ");
 
     if (!header) {
       write_http_status_line(conn, 404, "Not found");
@@ -2606,7 +2608,10 @@
     }
 
     /* now make sure the password is right */
-    if (1) { // check password_is_wrong(header)
+    r = base64_decode(decoded, sizeof(decoded), header, strlen(header));
+    secret = alloc_http_authenticator(options->BridgePassword);
+    if (r < 0 || (unsigned)r != strlen(secret) || memcmp(decoded, secret, r)) {
+      /* failed to decode, or didn't match. Refuse. */
       write_http_status_line(conn, 404, "Not found");
       tor_free(header);
       goto done;
@@ -2614,9 +2619,9 @@
 
     /* all happy now. send an answer. */
     status = networkstatus_getinfo_by_purpose("bridge", time(NULL));
-    len = strlen(status);
-    write_http_response_header(conn, len, 0, 0);
-    connection_write_to_buf(status, len, TO_CONN(conn));
+    dlen = strlen(status);
+    write_http_response_header(conn, dlen, 0, 0);
+    connection_write_to_buf(status, dlen, TO_CONN(conn));
     tor_free(status);
     goto done;
   }